CVE-2026-43429
USB: usbtmc Driver Timeout Handling Fix
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can impact system stability and reliability. Because the usbtmc driver can hang a kernel thread indefinitely when a user specifies a long timeout, it may lead to resource exhaustion or denial of service conditions on the affected system. This could degrade system performance or cause certain USB devices to become unresponsive.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's usbtmc driver, which handles USB Test and Measurement Class devices. The driver accepts timeout values from users through an ioctl command and uses these timeouts in usb_bulk_msg() calls. However, usb_bulk_msg() uses unkillable waits, meaning if a user specifies an arbitrarily long timeout, it can cause a kernel thread to hang indefinitely. The vulnerability is resolved by replacing usb_bulk_msg() with usb_bulk_msg_killable(), which allows the wait to be interrupted and prevents indefinite hanging.
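One way to spot the hang described above in kernel logs, as an added example that is not part of the original page or of the kernel sources: the script scans dmesg text for hung-task reports and keeps those whose call trace passes through a usbtmc function. It assumes the kernel's hung-task detector is enabled and has reported the blocked thread; the sample log, the task names, and the frame names other than usb_bulk_msg are constructed for illustration.

```python
import re

# Constructed dmesg excerpt (not from a real system): one hung-task report
# whose stack passes through usbtmc, and one unrelated report.
SAMPLE_DMESG = """\
[ 1234.000001] INFO: task tmc-reader:4312 blocked for more than 120 seconds.
[ 1234.000005]       Not tainted
[ 1234.000009] task:tmc-reader state:D stack:0 pid:4312
[ 1234.000012] Call Trace:
[ 1234.000015]  <TASK>
[ 1234.000018]  schedule_timeout+0x8a/0x160
[ 1234.000021]  wait_for_completion_timeout+0x7c/0x140
[ 1234.000024]  usb_bulk_msg+0x11e/0x1a0
[ 1234.000027]  usbtmc_read+0x2c4/0x620 [usbtmc]
[ 1234.000030]  </TASK>
[ 2000.000001] INFO: task backup:977 blocked for more than 120 seconds.
[ 2000.000004] Call Trace:
[ 2000.000007]  nfs_wait_bit_killable+0x1e/0x90
"""

HUNG = re.compile(
    r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
FRAME = re.compile(r"^\s*(?:\[\s*[\d.]+\]\s*)?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def find_usbtmc_hangs(dmesg_text):
    """Return hung-task reports whose call trace includes a usbtmc frame."""
    reports, current = [], None
    for line in dmesg_text.splitlines():
        m = HUNG.search(line)
        if m:  # a new report starts; later frames belong to it
            current = {"comm": m["comm"], "pid": int(m["pid"]),
                       "seconds": int(m["secs"]), "frames": []}
            reports.append(current)
            continue
        f = FRAME.match(line)
        if f and current is not None:
            current["frames"].append(f["sym"])
    # Keep only reports blocked somewhere under the usbtmc driver.
    return [r for r in reports if any(s.startswith("usbtmc_") for s in r["frames"])]

if __name__ == "__main__":
    for r in find_usbtmc_hangs(SAMPLE_DMESG):
        print(f"{r['comm']} (pid {r['pid']}) blocked {r['seconds']}s: {' <- '.join(r['frames'])}")
```
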